Description
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html
Scores
CVSS v3
2.1
EPSS
0.0024
EPSS Percentile
14.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-798
Status
published
Products (4)
realtek/rtl8111ep-cg_firmware
5.0.10
realtek/rtl8111ep-cg_firmware
< 3.0.0.2019090
realtek/rtl8111fp-cg_firmware
5.0.10
realtek/rtl8111fp-cg_firmware
< 3.0.0.2019090
Published
Nov 29, 2022
Tracked Since
Feb 18, 2026